﻿using System.Web;
using System.Web.Mvc;

namespace SS.AspNet.Utilities
{
    /// <summary>
    /// The custom authorisation attribute inheriting from the standard AuthorizeAttribute
    /// <para>
    /// with an optional bool parameter to specify whether authorisation is required or not.
    /// </para> 
    /// </summary>
    public class OptionalAuthorizeAttribute : AuthorizeAttribute
    {
        private readonly bool _authorize;

        public OptionalAuthorizeAttribute()
        {
            _authorize = true;
        }

        public OptionalAuthorizeAttribute(bool authorize)
        {
            _authorize = authorize;
        }

        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            return !_authorize || base.AuthorizeCore(httpContext);
        }
    }
}